An unknown hacker got into a NASA server in October 2018, the agency revealed this week, and stole the personal information of current and former employees. That information included Social Security numbers, reports ZDNet. Mission information appears unaffected. NASA leadership sent an email to staff alerting them of the breach this week, but also making it clear they have no idea yet who was behind it or how widespread the hack was, despite it having occurred more than two months ago. Nor do they know exactly what the hackers were looking for. They aren’t in any way suggesting it was aliens the hackers were after, and we’re not suggesting that either. But you never know.

As he’s entitled to under the European Union’s General Data Protection Regulation, a German man asked Amazon to send him all of the recordings of his interactions with his Amazon Echo device. Amazon complied, sending out more than 1,000 WAV files, but ended up delivering someone else’s voice recordings altogether. Alarmed, the recipient of the stranger’s Alexa history sent the files to a German magazine called c’t. The magazine was able to easily identify the Amazon customer in question, as well as a female friend who was apparently also in the recordings. Amazon told the magazine that the mistake was caused by human error. Three days after the magazine contacted Amazon, the company reached out to the customer whose private information had been erroneously shared with a stranger and explained that a staff member had made a “one-time error” that breached his privacy. Yikes.

Zack Whittaker over at TechCrunch has the scoop this week that social media site Blind, which supposedly lets you anonymously post complaints about your employer, accidentally exposed the names and messages of thousands of recent users. One of Blind’s servers, Whittaker reports, was left unsecured without a password, open for any curious person to probe. A security researcher found the hole, and and let the company know. Blind says it has found no evidence that any of the data was misused, but Whittaker notes they provide no support for that claim. Some of the company’s other claims didn’t stand up to scrutiny either, such as the insistence that the site never stores email addresses on its servers. Whittaker says he found plaintext email addresses, passwords that were easy to unscramble, and unencrypted private messages among the data on the exposed server. looked at the information on the compromised server and found evidence to the contrary. Some of the email addresses identified high-ranking employees at Silicon Valley’s biggest tech companies.

It’s nearly 2019, and yet the 2016 election is still not really over. It feels like every week we learn more about how that fateful race was messed up. This time the news comes from Buzzfeed, which reported that whistleblowers within the US Treasury department admitted to using a secret, unencrypted back channel to talk to Russian agents during the election. The Russian spies were looking for classified information on Clinton donors, which they hoped to weaponize against the candidate as part of the widespread influence campaign to elect president Trump. Despite some in Treasury warning that the Russians were up to no good, others in the department continued exchanging information with them over insecure Gmail and Hotmail accounts. They did so until 2017.

In an apparent response to the *Wall Street Journal’*s reporting on PewDiePie’s anti-semitic rhetoric, the controversial YouTube stars fans took over part of WSJ‘s website on Monday. The hackers placed a fake message on the site that pretended to be the newspaper apologizing to PewDiePie, and claiming the newspaper fired journalists who had reported on him. After that, they asked people to share their credit card numbers, because of course they did. By the time PewDiePie himself tweeted a link to the defaced page, it had been taken down.

Why does this story sound so familiar? Oh, right, because the same thing came to light a few months ago about Google. But now, Gizmodo reports that Facebook, too, keeps tracking you even after you explicitly turn off your location tracking services in your account. It does this by tracking the location of your IP address, and any check-ins people do, as well as their current city information in their Facebook profile, according to a Facebook spokesperson. The company denies tracking the location of people’s Wi-Fi after they have opted out of location tracking, but Gizmodo suggests that option would be available to Facebook, too.